Back to skill
Skillv1.0.0
ClawScan security
Board Of Advisors · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 6, 2026, 2:07 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill that provides canned strategic advisor personas and questions; it asks for no credentials, makes no external installs, and its runtime instructions stay within the advertised scope.
- Guidance
- This skill is instruction-only and requests no credentials or installs, so technical risk is low. Before installing, you may want to: (1) confirm the publisher (README/_meta.json mention ClawGeeks but registry source is 'unknown'), (2) remember that the advice is generic AI-generated strategic guidance and not a substitute for professional legal/accounting advice, and (3) monitor outputs for hallucinated facts or invented credentials/claims when discussing sensitive transactions (fundraising, M&A). If you need vendor accountability, ask for a verifiable homepage or publisher contact before using in critical workflows.
Review Dimensions
- Purpose & Capability
- okName/description match the content: SKILL.md defines 15 advisor personas and how to invoke them. Nothing requested (no env vars, binaries, or installs) appears unnecessary for providing advisory text.
- Instruction Scope
- okRuntime instructions are limited to introducing advisors, asking strategic questions, applying frameworks, and noting red flags. There are no commands, file reads, or directives to access environment variables or external endpoints.
- Install Mechanism
- okNo install spec and no code files — instruction-only. Nothing will be downloaded or written to disk as part of an install, which minimizes surface area.
- Credentials
- okSkill declares no required environment variables, credentials, or config paths. There is no disproportionate access requested relative to the stated purpose.
- Persistence & Privilege
- okalways is false and the skill does not request special persistent privileges. disable-model-invocation is false (default) allowing autonomous invocation, which is normal for skills and not concerning here given the minimal scope.